
Network Engineer Looking to Dive into Security and Forensics

Hello.

I work as an Information Systems Engineer currently holding my JNCIA, CCNA, and NET+ certifications. The topic of network/computer forensics and cyber security greatly interests me, to the point where I consistently shadow our Network Management Center when troubleshooting and doing penetration testing (even though it's not my job).

I'm at the point now where engineering networks is getting boring and drab to me, and my attention is really caught by the science behind the technologies as well as the forensics involved in determining flaws and vulnerabilities.

So that being said, I am looking for some suggestions as to steps to take to begin my career in security. I am also reading over tutorials and posts on this subject posted on AO. I already have an intermediate knowledge of networking, routing protocols, TCP/IP, etc... Here is what I am going to try and gain knowledge in which will hopefully put me on the right track:

Another semi-popular certification that I've talked to people about is the CISSP, which I believe is the Certified Information Systems Security Professional. I don't know much about it, but it's there.

I might also suggest checking out live CDs. Many of them have basic, but powerful, security and forensic tools readily available (Knoppix STD [Security Tools Distribution] for example), and I believe Ubuntu has one also (I'm sure there are many, many others though).

Since you have an understanding of networks and such, you have a solid foundation to build on. Your current position requires you to think about the most efficient way to allow things to happen. Your new interests will force you to think of ways to disrupt, eavesdrop and steal from said architecture.

If you understand how TCP works, you should have no problem using a sniffer. Go download wireshark and use it on your own PC to watch traffic and look at what the captures show you. You're a CCNA so you will recognize much of the routing protocols and why they appear.

Forensics is a newborn in this sector and while many places are attempting to cast standards in the area, best practice is still cloudy at best. I would leave this alone at first.

Programming is an art form and will take you years to perfect the few languages you've mentioned. I personally focus on Perl as it serves my needs very well. Assembler is something I learned YEARS ago and not for the purpose of reverse engineering. It just turned out that way later on when I got into the security sector.

Being that you have experience in design, I would look into current regulations which force secure designs. You'll need to look into how to segregate networks with firewalls, deploy encryption and, most importantly, you'll need to understand how the business processes work at your company. Once you master that, you can design secure solutions.

But wait, there's more. You must understand and develop a security policy and all the other documents that hang from it. Things like a systems security plan and so forth. These things filter down through the enterprise and will impact how applications are developed in house.

So, to sum it up, I would:

1) Learn about policy design using best practice. See the NIST 800 docs for more info.
2) Learn how to use a sniffer. Experiment by watching conversations with common protocols like HTTP, FTP, SMB, etc.
3) Pick a language and master it before attempting another. Too many langs at once will confuse you.
4) Don't waste money on a vendor-centric cert. Look into something like the CISSP (www.isc2.org).
5) Start looking at security tools like Nessus and NMAP. There are tons of resources out there that discuss their uses for both good and bad.
6) Select a good *nix based live CD (Helix comes to mind, or The Sleuth Kit) and learn how to use the tools on that distro.
7) Understanding business processes is *critical*. If you can't do this, you'll never be able to develop and deploy a secure solution to the enterprise and you'll end up in operations changing backup tapes for a living.

Good luck on your adventure. Oh, and one last thing. I don't know many 19-year-old network engineers. How is it that you've gotten such a position without a 4-year degree in CIS?

--TH13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

I graduated June 2005. The way my high school was set up was you had to be full time for your freshman year. Once you hit your sophomore year (10) you had the choice to either remain full time or do half a day at a technical school. At that time I was only just getting into computers, and knew nothing about networking. The instructor at the tech school was a former sales engineer from Cisco and had also worked at Network General, a very cerebral person.

In any case, I remember being heavily interested in the course work, i.e. learning how the various routing protocols worked, how data is converted into segments, packets, frames, and bits, and how each layer of the OSI model worked together to deliver data. Lol, I was actually so interested I slacked off on my normal school work to read up on technology and networking, but I still passed thankfully.

So I completed all four semesters in about a year and obtained my CCNA. I still had two years left in tech school, so I decided to help take the load off my teacher (he was teaching, managing the network, and troubleshooting problems) a bit and set up a little help desk system where teachers could submit tickets if they were having issues. We also used this a little for outsiders as well, for donations. This actually turned into my senior project.

At my tech school we have a committee called the OAC (Occupational Advisory Committee). It's composed of several members who currently work in the industry, and we all meet three times a year to review the course curriculum, discuss trends in the industry, and see how we can better prepare students for work in the IT field. It's worked out well so far, and this is where I've met all of my current contacts from various companies such as Network General, Panduit, Cisco, Netex, CNI, etc.

It was at this meeting in August of 2005 where I got my hook into the company I'm at now. At that time I was doing first shifts at a Wawa (never ever work at these places, I've never seen people so ticked over a meatball before). My teacher bragged about me a good bit, which led to talking and eventually an invite to talk further about my future. And now here I am, with a Juniper cert added.

Sheesh, sounds like I was writing a biography... but that's my story. Took a lot of hard work to get here though, and now I'm looking at my B.S. in Computer Science as well as all my technical certs... not enough time in a day.

Unfortunately, as good as things may sound for me, this place sucks to work at. Very political, old fashioned, thankless, and a sweat shop... overworked and underpaid. We've had a lot of people leave in the past few months for better jobs, tired of all the bs they have to put up with here. But so it goes, I guess.

Unfortunately no... I work at the Philadelphia Stock Exchange in the Communications Engineering department, been there a year now.

It would be nice to work for Cisco or Juniper since I would be doing more of what I enjoy... My ultimate dream is to work for DoD or some high profile government agency working as a security professional. But I have a nice long time for that, no rush I suppose.